7.1
CVE-2024-21460
- EPSS 0.07%
- Veröffentlicht 01.07.2024 15:15:14
- Zuletzt bearbeitet 21.11.2024 08:54:25
- Quelle product-security@qualcomm.com
- Teams Watchlist Login
- Unerledigt Login
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Fastconnect 6900 Firmware Version-
Qualcomm ≫ Fastconnect 7800 Firmware Version-
Qualcomm ≫ Qcm8550 Firmware Version-
Qualcomm ≫ Qcs8550 Firmware Version-
Qualcomm ≫ Sg8275p Firmware Version-
Qualcomm ≫ Sm8550p Firmware Version-
Qualcomm ≫ Wcd9380 Firmware Version-
Qualcomm ≫ Wcd9385 Firmware Version-
Qualcomm ≫ Wcd9390 Firmware Version-
Qualcomm ≫ Wcd9395 Firmware Version-
Qualcomm ≫ Wsa8840 Firmware Version-
Qualcomm ≫ Wsa8845 Firmware Version-
Qualcomm ≫ Wsa8845h Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.228 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| product-security@qualcomm.com | 7.1 | 2.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.